GOVERNMENT

DARPA Dangles $2 Million For Security Automation Idea

Agency's latest challenge will award $2 million to team that builds an unmanned, self-patching network defense system capable of responding to cyber-attacks.

DARPA Robot Challenge: Disaster Recovery

(click image for larger view)

The Defense Advanced Research Projects Agency (DARPA) is recasting the focus of its $2 million Grand Challenge from autonomous vehicles to autonomous networks, putting the agency one step closer to creating the mythical Skynet. The latest in a series of major innovation competitions sponsored by the agency is intended to "drive automation revolution in information security."

Teams participating in the Cyber Grand Challenge will build fully automated network defense systems that compete against each other by evaluating software, testing for vulnerabilities, creating security patches and applying them to protected computers on a network, DARPA said. The concept is similar to computer security tournaments involving trained experts, but in this case unmanned systems will be competing.

The evolution of cyber-attacks and malware is driving the need for automation in IT security analysis. Thus the goal of the Cyber Grand Challenge is to create a self-patching system that could respond to attacks, and even go a step further by reconciling security problems before they happen. "Today, our time to patch a newly discovered security flaw is measured in days. Through automatic recognition and remediation of software flaws, the term for a new cyber-attack may change from zero-day to zero-second," DARPA program manager Mike Walker said in a written statement.

The cyber competition will take place on a "network framework purpose-built to interface with automatic systems," according to DARPA. Competitors will have a series of challenges, including a qualifying event where a collection of software will be analyzed. Teams that qualify will need to automatically identify, analyze and repair software flaws. Top experts from various computer security disciplines, such as reverse engineering, formal methods and program analysis are expected to participate. The agency said it will host teaming forums on the official Cyber Grand Challenge websiteto promote extensive participation.

A select group of top competitors will join the Cyber Grand Challenge final event, scheduled for early to mid-2016. In that event, each team's system will be required to automatically identify software flaws and scan the network to find affected hosts. The highest scores will go to systems that are most capable of protecting hosts, scanning the network for vulnerabilities and maintaining software function.

The winning team will receive $2 million. $1 million will go to second-place competitors, and third place teams will get $750,000.

This isn't the first time that DARPA has shelled out millions of dollars for such a competition. The tradition of DARPA Grand Challenges started with self-driving cars. In October 2005, Stanford University's robotic vehicle, Stanley, won $2 million for beating out the competition and finishing a 132-mile course through the Mojave Desert. The Robotics Challenge -- focusing on autonomous robots -- followed. That challenge kicked off in October 2012 and is scheduled to run through 2014, with three planned competitions, one virtual and two live.

Reports

Comments

wyatt.kash@ubm.com

User Rank: Apprentice

Fri, 10/25/2013 - 17:50

re: DARPA Dangles $2 Million For Security Automation Idea

When you consider this new Grand Challenge, and some of DARPA's other recent challenges, like its' Robot Challenge -- http://twb.io/19fvrgj -- it's hard to ignore how the pieces are coming together that set the stage for 1984 classic "The Terminator."

DARPA is always at the forefront of innovation and forward looking technologies. Tackling cybersecurity and involving the best and the brightest in a competition to push the envelope in securing autonomous networks is exciting. It will also likely bring new technologies, methods, and dividends to our vulnerable critical infrastructure networks

I guess it's the part about the computer protecting itself that makes me superstitious. Never mind Skynet, I find it too easy to imagine myself trying to delete a file and having that HAL voice tell me, "I'm sorry, I can't do that Dave. This sort of thing has come up before, and it has always been due to human error."